you, Mr. Chairman, and I want to echo your comments
regarding the need for all Federal agencies to start
devoting the attention and resources necessary to secure
their computer systems from attacks or misuse. The government
must do more to protect the sensitive personal, financial,
proprietary and national security-related data on its
also want to stress how valuable the work of this Subcommittee
has been in moving the ball forward on these issues.
There should be little doubt in anyone's mind that,
absent the aggressive oversight of this Subcommittee,
agencies such as EPA, DOE, HCFA (now known as CMS) and
others would not have taken many of the actions that
they recently have taken to improve the security of
their sensitive data and systems. While none of them
are yet perfected, and none will likely ever be perfected
due to rapidly changing technology, keeping the pressure
and the focus on these issues is critically important
to our nation and to its citizens.
for the Commerce Department - which is the focus of
our hearing today - the GAO and Inspector General audit
findings are alarming. Ethical hackers from GAO and
the Inspector General's office were able to have their
way with the Department's various computer systems --
violating the integrity of the Department's computer
networks virtually at will.
these findings are quite troubling, they don't surprise
me at all, based on the Committee's work at other agencies.
When an Administration, such as the Clinton Administration,
devotes so little attention and resources to a particular
matter, we shouldn't be surprised to find that such
problems are so pervasive. It is clear to me that, despite
what the former President might have said about
the importance of computer security, his Administration
failed to take actions to make the protection
of our nation's critical cyber assets a true priority.
is why I am so pleased to see that the new Secretary
of Commerce is taking a different approach. He's instituted
a new management structure - with increased authority,
responsibility, and accountability for the Department's
information officers. He's allocated more resources
to these security functions at the Department level.
And, probably most importantly, the Secretary has made
clear to his Under Secretaries that they will
make computer security a priority as an integral part
of their programmatic missions, and will allocate additional
resources as necessary to get the job done.
this vein, we are pleased to have the newly-confirmed
Deputy Secretary of the Department here today to testify,
signaling the importance of this topic to the Secretary
and the level at which these issues are now being handled
within the Department.
me finish just by emphasizing that good computer security
is not a simple fix. While it takes consistent and sustained
leadership, particularly in the beginning, effective
long-term information security programs require the
implementation of sound processes and policies that
can carry on absent, or despite of, particular personalities.
I hope the Commerce Department, and all Federal agencies,
keep this principle in mind as they take these long-overdue
steps to improve the security of the sensitive data
which the American people have entrusted them to protect.
thank the Chairman, and yield back the balance of my